Flash cookies - warning from BT's Chief Security T...

Similar Messages

• Looking for flash cookies (or .sol files)

  Good day, all
  Earlier this year I found out about Flash cookies (the .sol files). I didn’t like the idea so when I quit Safari I would run a search for .sol and then delete them all. Up until now I was using 10.3.9 for the OS and the 4 year old version of Safari.
  Last weekend I up dated to 10.5.8 for the OS and 4.0.2 for Safari as I was concerned about security. (All went smooth and they work fine. Thanks to all that gave advice on how to do this!)
  Now when I quit Safari and run the search for .sol I don’t get any files ending in this. I’m not keen on Spotlight yet, but I assume if I put in .sol it will return anything with .sol in it, or ending with it. Perhaps I am wrong on this?
  I looked in the forums and found a post from Klaus1 that said where to look for .sol files and traced down the spot. He wrote: “In Mac OS X they are stored in the following location:
/User’s Home Folder/Library/Preferences/Macromedia/Flash Player/#SharedObjects.
  On my Mac, the directories are a bit different from this, but I found a #SharedObjects folder but it had no files ending in .sol and I found a whole lot of empty folders under /flashplayer/sys that reflect websites I’ve been to (#www.4kidstv.com) but still no .sol files.
  So my question is: am I failing to find them? Or are they being deleted automatically? (I doubt it) Or are they in some new format that doesn’t end in .sol?
  Thanks,
  Hugh

  Hi Hugh
  Rather than attempting to find those files, I suggest you lock the Shared Object folder. This precludes any Flash cookie info from being written to your HD.
  To do so, go to the Finder and navigate to the Macromedia folder - Your User Account>Library>Preferences folder. Continue drilling down to the Shared Objects folder. Now, simply move to the trash the contents of the Shared Objects folder. Once the folder is empty, click on the Shared Objects folder, Command/I to open its Info panel and click on the Locked option, then close the panel.
  From here on out, no information will be written to that file. I did this awhile ago and have not had any adverse effect from locking the folder.

• Security issues for Flash cookies, Local Shared Objects, .sol files

  Good day, all
  I just found out a bit about flash cookies from Wikipedia and http://epic.org/privacy/cookies/flash.html
  I was wondering if there was a security issue with these (as opposed to privacy issues)?
  It seems easy enough to prevent them being stored or delete them after they are set.
  Thanks,
  Hugh

  Hello Patricia,
  You wrote,
  I came to this forum to see if I could find out how to delete adobe's flash cookies
  You have to do it online via this website.
  Macromedia's Website Storage Settings panel
  Note: As the site says, the dialogue box is not an image, "it is the actual settings manager"
  I just tried it out and deleted the flash content from How Stuff Works, then revisited the site (How Stuff Works) and it didn't add it back, so it seems to work as stated.
  regards roam

• How do I delete Flash cookies on my MacBook Pro with Mavericks OS X?

  Hi there! Since switching over to the Mavericks OS X, my husband noticed that I had over 3000 cookies stored in my laptop. After deleting cookies in eash browser, we noticed they are still there. After some googling, I suspect that it is Flash cookies that are installed in my computer. How do I delete these? On a couple of websites, that appears to have outdated information, they recommended downloading the Flush app. I noticed it is no longer available.
  Anyone care to help?

  System Preferences > Flash and you can delete all info there manually, or set it to not accept information.
  What I use is the free Firefox web browser + Ghostery and Click&Clean.
  Ghostery has a option to delete Flash and Silverlight cookies upon exit (if enabled in preferences)
  Click&Clean wipes everything when the browser is closed.
  Firefox also has click to play, so Flash and other plugins are not running on every site, rather one has to click to enable it when they want as to prevent those from running and placing/retriving cookies in the first place. Better security also.
  And there is more than just Flash cookies, there are web bugs, mouse trackers, history sniffers, HTML and Ever Cookies, plus all sorts of webside exploits.
  Only by enabling Javascript/scripts only on sites you trust can you avoid a lot of this nonsense, the only easy method is to use Firefox and the NoScript add-on, which you drag a "temp allow all" button to the toolbar in Firefox to click on sites you trust.
  https://en.wikipedia.org/wiki/NoScript
  Also Ad Block Plus is also advised, as ad's can deliver makware and slow down the browsing speed.
  See this here
  Maintain some level of privacy/cookie tracking

• Want to Post a Warning from Pay Pal Regarding Safari

  I have read the latest issue of MacWorld, there is a short artcle about a warning from Pay Pal to "Steer Clear of Safari". Pay Pal "Chief information security officer", says, that "Safari has no built in Phishing filter to warn users when they are visiting suspicious web sites" he also says "a 2nd problem that safari has is it lacks support for another antiphishing Technology, called an Extended Validation Certificate."
  I would like to send this little info. out to someone that can either take this info out to someone that knows a apple Developer that can maybe do some adjusting to Safari so that the Safari web browser can be safer for the visitor, or maybe someone can refer me or direct me to a apple developer so that I can pass this info over to them and and suggest that they make some adjustment to Safari so that it is a safer Browser.
  Has anyone seen or read that little artcle in the " News in Brief" side bar?
  I am just trying to Help Safari and its developers to try to improve their web Browser so it can be safer for us users.
  Let me know what your feed back.
  Thanks,

  I have read the latest issue of MacWorld, there is a short artcle about a warning from Pay Pal to "Steer Clear of Safari". Pay Pal "Chief information security officer", says, that "Safari has no built in Phishing filter to warn users when they are visiting suspicious web sites" he also says "a 2nd problem that safari has is it lacks support for another antiphishing Technology, called an Extended Validation Certificate."
  I would like to send this little info. out to someone that can either take this info out to someone that knows a apple Developer that can maybe do some adjusting to Safari so that the Safari web browser can be safer for the visitor, or maybe someone can refer me or direct me to a apple developer so that I can pass this info over to them and and suggest that they make some adjustment to Safari so that it is a safer Browser.
  Has anyone seen or read that little artcle in the " News in Brief" side bar?
  I am just trying to Help Safari and its developers to try to improve their web Browser so it can be safer for us users.
  Let me know what your feed back.
  Thanks,

• AIRHelp and Flash cookies

  Does AIRHelp use Local Shared Objects (Flash cookies)?  My company is concerned about security.

  Hi Jack
  I've forwarded this thread to some friends and to Adobe asking for comment.
  Hopefully we will see something shortly!
  Cheers... Rick
  Helpful and Handy Links
  RoboHelp Wish Form/Bug Reporting Form
  Begin learning RoboHelp HTML 7 or 8 moments from now - $24.95!
  Adobe Certified RoboHelp HTML Training
  SorcererStone Blog
  RoboHelp eBooks

• Are Cross Domain Flash Local Shared Objects (LSO aka Flash Cookie) possible

  Hi,
  I found several solutions for creating Flash LSOs from JavaScript (for example: http://www.nuff-respec.com/technology/cross-browser-cookies-with-flash )
  If Page (www.hostA.com/index.html) and the .swf file are from the same site, everything works fine.
  Now I'm trying to load the page form www.hostA.com/index.html, which includes www.hostB.com/flashcookie.swf (different sites). But then I cannot read or store the LSO.
  I have tried several configurations (crossdomain.xml,  Security.allowDomain("...") ), but nothing works.
  Is this kind of cross domain access to a LSO possible?
  Can a flash based advertisement delivered by a 3rd party save a LSO on my disc?
  Thanks
  -stephan

  I 100% agree!  We have an application that the Government requires information to be stored on the users computer as part of Multi-Factor-Authentication.  We originally wrote it as a browser application and when everyone and their brother started deleting browser cookies because of security concerns, we totally re-wrote it as a Flash application to take advantage of permanent storage.  This new "feature" in Flash Player is causing much concern because thousands of users will need to start answering lots of security questions every single time they use the application (ie: daily) and our staff is having to handle technical support questions that shouldn't exist.  Right now it's only IE that's causing the issue, but I'm sure every browser and Internet Security program will soon be adding this to their products.  There should at least be a way for the USER to white-list a specific Domain so Flash could exempt those sites from ANY external program trying to delete ALL Shared Objects/Local Storage/Flash Cookies.  The USER should be given that choice.  This would satisfy the extra privacy you are putting in there and still allow information to be stored from sites that require it.
  John

• Did you know about Flash Cookies?

  I know about regular cookies, and delete them... but had no idea there was such a thing as a Flash Cookie
  Read about 1/2 way down here http://windowssecrets.com/comp/100805

  Rod,
  Since you're a confessed geek with some actual coding chops, I'm sure you'll understand the hair I'm about to split here. Hang on a moment while I grab my axe...
  Even with your page jumps, the cookie isn't doing anything. It's just a text file named after a snack. What's causing your page to jump, browsers to redirect, and the moon to shift its gravitational field three degrees to the north is the code in the web page that's being loaded. True, it may look in the text file to see what IP address to report to, but the connection, handshaking, transfer of data and powering up of lasers are all on your web page (or the server side code being executed on its behalf). The cookie is little more than a poorly dressed informant hanging out on the street corner waiting to pass along tidbits of information when the right person asks. Doesn't exactly make it a savory character (name notwithstanding), but it's a harmless one nonetheless. If it's evil you seek, you'll find it in the web site, not the cookie. And that's why I never understood the religious fervor against cookies.
  Now, if you want a truly dangerous leave behind, at least on Windows, ActiveX controls are your guys. They're really just glorified COM objects, and thus have complete access to the entire Windows API. Give me permission to install an ActiveX control on your machine and I can rewrite your file system, start and stop services, reboot your computer, or just turn the screen a hyperintelligent shade of the color blue because it amuses me. Anything that can be done in Windows programming is essentially available to the ActiveX control.
  Of course, browsers got hip to this years ago, and now the default security settings for ActiveX are to not install automatically, or at least to query the user first. Or, as it's configured on my machine, feel free to install if you can make it past this shotgun pointed at your head. Maybe that's why there's not as much of a flap about ActiveX as there is about cookies. Because they're truly dangerous, the browser community took it seriously.and now only someone with a death wish allows a web page to install an ActiveX component.
  And overall, this is kinda my point. The much maligned cookie gets a bad rap while in truth it's the web page staring you right in the face that's preparing to rob, rape and pillage. But then, misdirection has always been a classic tactic in warfare.

• How do I call a 10g report from a jsp page securly?

  How can I call a report from a jsp page securly? We are migrating from 10g forms to J2EE, and we want to keep using our reports. In forms we were able to do this using a cookie. How can I pass a users credentials to reports without the user having to connect to the database? Single Sign-on isn't an option either.
  Thanks,
  Jim

  Hi Jim,
  If you want to pass the user credentials to the report dynamically, then SSO (Single Sign-On) is the only option I can think of.
  If the user credentials can be hard-coded, then the following 2 solutions are possible:
  1. Use cgicmd.dat file, and write the user credentials in the file.
  2. In your report JSP itself, you could write the following:
  <rw:report id="report" parameters="userid=scott/tiger@mydb">
  Navneet.

• Why aren't Flash cookies cleared the first time I exit Firefox?

  I am running XP, Firefox 16.0.1 and Flash Player 11.4.402.287 and have Firefox configured to "Clear history when Firefox closes", with "Cookies" (amongst other options) checked in the "Settings for Clearing History". I also have Flash Player configured to "Block all sites from storing information on this computer."
  As I understand things, starting with Firefox 4 and Flash Player 10.3, having Firefox configured this way should cause Flash cookies to be deleted upon exiting Firefox. I also understand that even though I have Flash configured as I do, a list of sites that attempt to plant a Flash cookie will still be recorded in the main settings.sol cookie.
  I have noticed, though, that this list of empty Flash cookies is not deleted the first time I exit Firefox; rather, the list is deleted after launching and then exiting Firefox again.
  Here's a step-by-step example:
  1) Control Panel -> Flash Player -> Storage tab -> Local Storage Settings by Site... button -> confirm that the list is empty
  2) Exit the Flash Player Settings Manage
  3) Launch Firefox -> go to www.hulu.com and click on a video to start it playing
  4) Relaunch Control Panel -> Flash Player -> Storage tab -> Local Storage Settings by Site... button -> confirm that the list shows www.hulu.com, 0 bytes, Block
  5) Exit the Flash Player Settings Manager
  6) Exit Firefox
  7) Relaunch Control Panel -> Flash Player -> Storage tab -> Local Storage Settings by Site... button -> NOTE THAT THE LIST STILL SHOWS www.hulu.com, 0 bytes, Block
  8) Exit the Flash Player Settings Manager
  9) Relaunch Firefox
  10) Relaunch Control Panel -> Flash Player -> Storage tab -> Local Storage Settings by Site... button -> NOTE THAT THE LIST STILL SHOWS www.hulu.com, 0 bytes, Block
  11) Exit the Flash Player Settings Manager
  12) Exit Firefox
  13) Relaunch Control Panel -> Flash Player -> Storage tab -> Local Storage Settings by Site... button -> NOTE THAT THE LIST IS NOW EMPTY
  So again my question is - why isn't this list emptied the first time around?

  Ok, so I created a new profile and followed the steps I spelled out in my first post several times - each time the Hulu flash cookie was cleared the first time I closed Firefox.
  So what would you recommend I do next to get to the bottom of the behavior in my current profile? Should I go about disabling my extensions and plugins one by one and repeating the test each time?
  Thanks again so much for your time and help.
  PS: I never have a problem with Hulu playing with my flash local storage set to zero - interesting that you do...

• How can I verify virus warning from Apple is valid?

  I just received a notice from the "Apple security center" warning me that Apple Web Security has detected Trojans and is ready to remove them all.  This is followed by options to Cancel or Remove all.  The claim is that 66 viruses have been found.
  I am suspicious to follow this warning in case it is not legitimately from Apple.
  My Apple Care is expired and I cannot find a way to contact them to verify Apple sent this warning.

  Hi spartan, I've just received a similar warning.
  Check this video:
  http://www.youtube.com/watch?v=g0hNrr_A5Gc
  It is a trojan horse. Once you clic on any button it will download an "anti-malware.zip" file which has a "inavd.pkg" file that should have an anti-malware. In case you've downloaded them, just delete them and empty the trash. Finally, close that tab and contact apple: http://www.apple.com/contact/feedback.html
  Good luck!

• Unidentified Flash Cookies App on Macbook Pro

  My computer has been running a little slower than normal. I decided to run a "privacy scan" app which identified 5 installed applications on my computer. I did not recognize one called "flash cookies". I tried to find it on my computer and was unsuccessful. I even searched the App Store and there was not an app with this name. Is it some sort of malware? This could be a regular Mac app that I am not aware of, but I just want to be clear because I am not able to find any information about it. I don't remember downloading it, or it being part of a program that I downloaded. It's very odd. Any help is much appreciated. I attached a photo of the privacy scan.

  kappadeltakanna wrote:
  Thank you so much for the very informative answer FatMac! I carried out both of your options, and the "flash cookies" application still won't go away from the list of identified applications in "privacy scan". The list is composed of Safari, QuickTime, Finder, Preview, and Flash Cookies. It must not be a super cookie because it would have been deleted. I can't find it anywhere on my computer except when it comes up in the privacy scan list, and they are just identifying it as an application not as a threat to my computer. It's a mystery to me.
  In looking through the Privacy Scan user's "guide" I think it's a mystery because of how poorly designed the interface and operation of Privacy Scan is. It looks like the list of installed applications in your screen shot only refers to where Privacy Scan can look, and the check boxes show you which of them you want scanned. The Flash (or Super) Cookies that I'm familiar with will be in the Macromedia directory if you have any. When you run a scan, Flash cookies should be listed in the Privacy Scan Results window if you have any. If it isn't in the Results list, you don't have any (at least according to Privacy Scan) but it will still be listed in the Installed Applications window so you can include or omit that category from the scan.
  One of the reasons I suggested Opera is that, with the Macromedia directory list in a Finder window, you can run the "Clear Browsing Data..." routine and actually watch the Super Cookies disappear.
  But assuming Privacy Scan actually works, if Flash Cookies don't appear in the "Results" list, you don't have to worry about them.

• Flash player warning

  Every website I visit I get a warning from Adobe flash player. I think this started with the latest download of flash player. How to I delete/disable this warning. I did try a reinstallation

  What warning?
  What is your OS & version
  What is your browser & version?

• I don't want flash cookies deleted with the rest of the cookies.

  Either an update with firefox or adobe flash player now couples flash cookies with the rest. I like having my internet related cookies clear upon closing the browser to help save space and destroy anything malicious, but don't want to have my flash game data get cleared in the process. I've checked the security tab in options, but there doesn't seem to be a way to specify for flash cookies to remain unharmed; it's either delete all cookies or delete no cookies. Is there a way to have my cookie and eat it too?

  Let cookies expire when you close Firefox instead of using [[Clear Recent History]].
  * https://support.mozilla.com/kb/Cookies
  * https://support.mozilla.com/kb/Enabling+and+disabling+cookies

• 'Jorge' has now (8/1) blocked ALL flash - including legit from Adobe!

  I now see that as of 8/1, "Jorge" has 'blocked' a supposedly malicious version of Flash. There is a VALID comment from a user, pointing out correctly that this 'block' is badly implemented, and actually causes blocking of LEGIT flash downloads directly from Adobe.com.
  This is the case with the Firefox approved solution: uninstall Flash and install / roll back to 10.3.
  Firefox now refuses to recognize ANY flash version.
  What kind of testing - if any - do you 'software' jockeys use??
  Over the last few years, as FF has grown larger and bloatfilled, the 'design by committee' approach is showing its real faults. You seem unable to exercise any kind of real quality control at all.
  I think, like the other gentleman, I may be FORCED to go to (almost any) alternate browser.

  You are using a very old version of Firefox (3.6.17), you should update to Firefox 14.0.1 as it has the most recent Firefox security updates (3.6 is no longer supported).
  I'm assuming you mean [https://addons.mozilla.org/en-US/firefox/blocked/i115 https://addons.mozilla.org/en-US/firefox/blocked/i115]? This does not block the official Adobe Flash, but only a malicious add-on that went by the same name. I'd suggest you try doing the following:
  #Update to Firefox 14.0.1
  #Update to Flash 11.3
  #If you have any problems, disable Flash protected mode [http://forums.adobe.com/thread/1018071?tstart=0 http://forums.adobe.com/thread/1018071?tstart=0]